Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)

From: Don Lewis (truckman_at_FreeBSD.org)
Date: 04/22/04

    Date: Wed, 21 Apr 2004 16:31:14 -0700 (PDT)
    To: silby@silby.com, jayanth@yahoo-inc.com
    
    

    On 21 Apr, Mike Silbersack wrote:
    >
    > On Wed, 21 Apr 2004, Don Lewis wrote:
    >
    >> > 1. Accept all RSTs meeting the criteria you just listed above.
    >>
    >> At this step, it would be better if we used the window size that was
    >> advertised in the last packet sent, since that is what the sequence
    >> number of the RST packet will be calculated from, while the window size
    >> could have increased if data was consumed from the receive queue between
    >> the time we sent the last packet and when we received the RST.
    >>
    >> It doesn't look like we keep the necessary data for this. Probably the
    >> easiest thing to do would be to calculate the expected sequence number
    >> in tcp_output() and stash it in the pcb.
    >
    > Do you have access to a system that exhibits the "RST at end of window"
    > syndrome so that you could code up and test out this part of the patch?

    Nope. The only report of this that I saw was from jayanth. Judging by
    the tcpdump timestamps, it looks like whatever this weird piece of
    hardware was, it was nearby.

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
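
The window-edge point made in the message above, as an added example that is not part of the original thread and not FreeBSD code: a toy model showing why the edge stashed at output time, rather than one recomputed from the current window, is what an end-of-window RST lines up with. The struct, field and function names are hypothetical, and it assumes such an RST carries a sequence number equal to the right window edge last advertised.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for the TCP control block; all names are hypothetical. */
struct toy_pcb {
    uint32_t rcv_nxt;       /* next sequence number expected from the peer */
    uint32_t rcv_wnd;       /* current receive window; grows as the app reads */
    uint32_t last_adv_edge; /* rcv_nxt + window as of the last segment sent */
};

/* Output path: stash the right window edge the peer is about to see. */
void toy_output(struct toy_pcb *pcb)
{
    pcb->last_adv_edge = (uint32_t)(pcb->rcv_nxt + pcb->rcv_wnd); /* mod 2^32 */
}

/* Application drains the receive queue: the window reopens, nothing is sent. */
void toy_app_read(struct toy_pcb *pcb, uint32_t len)
{
    pcb->rcv_wnd += len;
}

/* End-of-window match recomputed from the current window at RST arrival. */
bool rst_at_edge_current(const struct toy_pcb *pcb, uint32_t seq)
{
    return seq == (uint32_t)(pcb->rcv_nxt + pcb->rcv_wnd);
}

/* End-of-window match against the edge stashed when the last segment went out. */
bool rst_at_edge_stashed(const struct toy_pcb *pcb, uint32_t seq)
{
    return seq == pcb->last_adv_edge;
}

int main(void)
{
    /* Constructed state: 4096-byte window advertised, then the app reads 8192. */
    struct toy_pcb p = { .rcv_nxt = 1000, .rcv_wnd = 4096, .last_adv_edge = 0 };
    toy_output(&p);                        /* peer sees edge 1000 + 4096 = 5096 */
    toy_app_read(&p, 8192);                /* local window is now 12288 */
    uint32_t rst_seq = 5096;               /* RST placed at the advertised edge */
    printf("current=%d stashed=%d\n",
           rst_at_edge_current(&p, rst_seq), rst_at_edge_stashed(&p, rst_seq));
    return 0;
}
```
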

